Free · 2 Minutes · No Commitment

Business Exposure Self-Assessment

8 questions about your organisation's current security posture. Your answers generate an instant risk score — and tell you exactly where the gaps are.

Question 01 / 08
Do you know which employee email addresses appear in documented breach databases?
Compromised corporate credentials are the most common entry point for targeted business attacks.
Yes — we monitor this
We have visibility into compromised employee credentials
No — we don't track this
We have no way to know if staff credentials are circulating
Question 02 / 08
Have you audited what automated scanners can currently see about your domain and infrastructure?
Every business with a domain is continuously scanned. What attackers can see is rarely what organisations expect.
Yes — we've done an audit
We know what's visible externally and have addressed it
No — we haven't checked
We don't know what our external footprint looks like to attackers
Question 03 / 08
Does your organisation enforce multi-factor authentication on all corporate email accounts?
Corporate email without MFA is the most exploited vulnerability in credential stuffing campaigns.
Yes — MFA is enforced
All staff use multi-factor authentication for email access
No — or only for some accounts
MFA is optional or not fully deployed across the organisation
Question 04 / 08
Are your executive names, titles, and email formats publicly listed on your website or LinkedIn?
Business email compromise attacks require only executive identity information and a mapped domain — both typically public.
Yes — executive info is public
Names, titles, and email patterns are findable online
No — we limit public exposure
Executive identity information is deliberately restricted
Question 05 / 08
Does your organisation have a documented process for employees to report a suspected phishing attempt?
Organisations without a reporting process have significantly longer dwell times after a successful phishing attack.
Yes — we have a process
Staff know exactly what to do and who to contact
No — there's no formal process
Reporting a suspicious email is ad hoc or unclear
Question 06 / 08
Do you know if your business appears in data broker databases that list your address, executives, and financial profile?
Data broker profiles are the primary intelligence source for targeted BEC, SIM swapping, and social engineering attacks.
Yes — we've checked and acted
We've audited broker listings and requested removals where possible
No — we haven't looked into this
We don't know what broker databases contain about us
Question 07 / 08
Has your organisation experienced an increase in suspicious emails, spoofed invoices, or impersonation attempts in the past 12 months?
An increase in targeting activity often indicates your organisation has appeared in a criminal-targeting source or breach event.
Yes — we've noticed more attempts
Suspicious activity has increased noticeably
No — nothing unusual
No noticeable increase in targeting activity
Question 08 / 08
Could you provide a client, insurer, or regulator with documented evidence of your current cybersecurity posture if asked today?
Inability to produce documentation is increasingly a liability in professional services sectors under regulatory scrutiny.
Yes — we have documentation
We can produce a current, verified security posture assessment
No — we don't have this
We couldn't produce security documentation on short notice